Major Area Exam - Nilo Redini, "Security of Embedded Firmware"

Thursday, June 15, 2017 - 1:00pm
1132 Harold Frank Hall
Security of Embedded Firmware
Nilo Redini
Giovanni Vigna (Co-Chair), Christopher Kruegel, and Ben Hardekopf


With the dawn of the IoT era, smart devices have quickly made their way into people’s everyday lives, enriching them with a more convenient way of managing their daily routines and needs. As these devices range from smartphones to smart door locks, our privacy as well as our personal safety rely more and more on their correct functioning. It follows that the security of the software governing them, generally referred to as firmware, is of crucial importance.

Unfortunately, from an analyst's point of view, assessing the security of firmware components is a very arduous task, as the traditional binary analysis tools tend to be ineffective because of several unique challenges. More precisely, firmware components often are binary blobs, meaning that their file format does not follow a pre-determined standard, making their analysis extremely challenging. To make things even more difficult, firmware components are frequently shipped without source code, stripped of their symbols and packaged with proprietary and undocumented packaging algorithms. Also, certain properties characterizing firmware that are necessary to statically analyze them can only be obtained if the device hosting them is available to the analyst. As a result, the research community has studied and proposed novel tools and techniques to address the above-mentioned problems to automatically inspect arbitrary firmware binary files and detect security vulnerabilities.

In this literature review, the security of firmware is addressed. I will start from a general overview of its security, followed by a presentation of the binary unpacking problem and the proposed solutions. Subsequently, I will show an overview of the known attack vectors affecting firmware as well as some case studies of the consequences of successfully attacking them. Next, some of the best known and most used frameworks to analyze binary files (and firmware in particular) will be reviewed. Lastly, I will present some of the most used static as well as dynamic techniques employed by the previously mentioned frameworks.

Everyone welcome!